Enable requirements for Logon Duration Analysis

This script improves logon measurements on a computer using the auditpol, wevtutil and reg commands, and completes the prerequisites for the Analyze Logon Duration script.
It additionally increases the size of the Group Policy and Print Service event logs to retain the information for a couple of hours after login.
Important note: This script modifies the audit policies on a computer and should be used with caution. If in doubt, consult with your IT Security team.
Version 2.1.5
Created on 2019-05-01
Modified on 2020-07-19
Created by Marcel Calef
Downloads: 692

The Script
:: NAME: Enable requirements for Logon Duration Analysis
::   This script improves logon measurements on a computer using the auditpol,
::   wevtutil and reg commands, and completes the prerequisites for the Analyze Logon Duration script.
::   It additionally increases the size of the Group Policy and Print Service event logs
::   to retain the information for a couple of hours after login.
::   Important note: This script modifies the audit policies on a computer and should be used with caution.
::   If in doubt, consult with your IT Security team.
::
:: CREDIT:       Guy Leech, Trentent Tye 
:: PUBLISHED BY: Marcel Calef

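:: Enable Command Line Auditing (process creation events, ID 4688, then record the full command line)
:: /t REG_DWORD is given explicitly because reg add writes a REG_SZ string when no type is specified
reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" /v ProcessCreationIncludeCmdLine_Enabled /t REG_DWORD /d 1 /f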

:: Enable Print Service logging, no retention (oldest events are overwritten when full), size 50MB
wevtutil sl Microsoft-Windows-PrintService/Operational /ms:52428800 /rt:false /ab:false /e:true

:: Enable Group Policy logging, no retention (oldest events are overwritten when full), size 50MB
wevtutil sl Microsoft-Windows-GroupPolicy/Operational /ms:52428800 /rt:false /ab:false /e:true

:: Enable Process Termination audit policy
Auditpol /set /subcategory:"Process Termination" /success:enable

:: Enable Process Creation audit policy
Auditpol /set /subcategory:"Process Creation" /success:enable

:: Enable Logon Audit policy
Auditpol /set /subcategory:"Logon" /success:enable
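
To confirm the prerequisites on a machine, the following read-only check queries each setting the script touches. It is an added example, not part of the published script; the label names (`:Result`, `:CheckLog`, `:LogSetting`, `:CheckAudit`) are hypothetical, and the matched output strings assume an elevated prompt on an English-language Windows installation.

```batch
@echo off
:: Added example: read-only verification of the six settings changed above.
:: Assumes an elevated prompt and English auditpol/wevtutil output.
setlocal
set "FAIL=0"

:: Command-line auditing must be stored as a REG_DWORD with value 1
reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\Audit" /v ProcessCreationIncludeCmdLine_Enabled 2>nul | findstr /i /r /c:"REG_DWORD  *0x1$" >nul
call :Result %errorlevel% "ProcessCreationIncludeCmdLine_Enabled is REG_DWORD 1"

:: Both operational logs: enabled, circular, no auto-backup, 50MB
for %%L in (Microsoft-Windows-PrintService/Operational Microsoft-Windows-GroupPolicy/Operational) do call :CheckLog %%L

:: Success auditing for the three subcategories
for %%A in ("Process Termination" "Process Creation" "Logon") do call :CheckAudit %%A

echo.
if "%FAIL%"=="0" echo All prerequisites are in place.
if not "%FAIL%"=="0" echo One or more prerequisites are missing.
exit /b %FAIL%

:CheckLog
call :LogSetting "%~1" "enabled: true"
call :LogSetting "%~1" "retention: false"
call :LogSetting "%~1" "autoBackup: false"
call :LogSetting "%~1" "maxSize: 52428800"
goto :eof

:LogSetting
:: /e anchors the match at end of line so 52428800 does not match a longer number
wevtutil gl "%~1" 2>nul | findstr /i /e /c:"%~2" >nul
call :Result %errorlevel% "%~1 %~2"
goto :eof

:CheckAudit
:: Matches both "Success" and "Success and Failure"
auditpol /get /subcategory:"%~1" 2>nul | findstr /r /c:"%~1  *Success" >nul
call :Result %errorlevel% "Audit policy %~1 logs success events"
goto :eof

:Result
:: %1 = errorlevel of the preceding check, %2 = description
if "%~1"=="0" echo [ OK ] %~2
if not "%~1"=="0" echo [FAIL] %~2
if not "%~1"=="0" set "FAIL=1"
goto :eof
```

Running `auditpol /backup /file:<path>` before the script keeps a copy of the previous audit policy that `auditpol /restore /file:<path>` can reapply.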